Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Google Chrome OS Security Model Breaks the Traditional Mold

With Chrome OS, Google says it has abandoned the traditional operating system security model and put its focus on using process isolation, verified boot, encryption and system hardening to protect users.

Google took some criticism earlier in 2009 when it made what some thought were extraordinary claims about Chrome OS-namely that its "users don't have to deal with viruses, malware and security updates." The claims touched off a round of speculation, and many analysts said at the time they expected Chrome OS to use its focus on supporting cloud applications to its advantage.

This prediction turned out to be correct.

Further reading

"All the end-user applications are Web applications, and Web applications, as you know, have a different security model," explained Google Engineering Director Matthew Papakipos. "Their security model is [that] apps are treated at a system level as if they're fundamentally hostile ... Web applications can't change files on your hard disk [and] can't reconfigure your power settings-there are many things that Web applications intentionally cannot do that give it a better security profile."

"What this security sandbox means is that every tab that you run in Chrome OS is running completely locked down and separated from the other tabs on the system, but also from the underlying operating system," Papakipos continued. "We've protected the OS from Web applications [and] we've protected the Web applications from each other."

But Chrome OS' security actually begins with a process Google calls verified boot, where the system checks to make sure the user is running the most current version of the operating system.

"The essence of the verified boot process is that every time that you boot, we double-check to make sure that you are running what you should be running," he said. "So the basic concept is that [all components] of software in Chrome OS, from the firmware to the kernel to Chrome itself to the whole root file system, have what's called a cryptographic signature attached to them."

If a problem is detected with the signature, the system offers to reboot and then automatically downloads any necessary patches. At the file system level, Google made the root partition read-only, and everything on the user partition is encrypted, Papakipos said.

"This means that if some bad guy gets it, opens up your machine with a screwdriver, pulls out the drive [and] puts it in another computer, they'll have a very hard time reading those bits," he said. "As with all security, anything can be cracked, but we've made it very, very difficult."

More technical detail on how Google has hardened the operating system can be found here. Sundar Pichai, vice president of product management at Google, said the company is aiming to release a netbook running on Chrome OS around the end of 2010. While no operating system is going to be totally secure, it is possible to do better than the industry is today, he said.

"Security is not an abstract issue; it really makes a difference in the lives of people," Pichai said. "People struggle a lot with issues with their computers, so we really want to make it better."

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.